LTE :Mobile Network Security


Transcript of LTE :Mobile Network Security

Page 1: LTE :Mobile Network Security

LTE :Mobile Network Security

Satish Chavan [email protected]

Page 2: LTE :Mobile Network Security

Introduction

LTE is designed with strong cryptographic techniques, mutual authentication between LTE network elements, and security mechanisms built into its architecture.

With the emergence of the open, all-IP, distributed architecture of LTE, attackers can target mobile devices and networks with spam, eavesdropping, malware, IP spoofing, data and service theft, DDoS attacks and numerous other variants of cyber-attacks and crimes.

The LTE architecture was developed by 3GPP with security principles taken into consideration right from its inception, and its design is based on five security feature groups:

1. Network access security, to provide secure access to the service by the user.

2. Network domain security, to protect the network elements and secure the signalling and user data exchange.

3. User domain security, to control secure access to mobile stations.

4. Application domain security, to establish secure communications over the application layer.

5. Visibility and configuration of security, to give the user the opportunity to check whether the security features are in operation.

Page 3: LTE :Mobile Network Security

Introduction-2

I. Network access security: these security features provide the UE with secure access to the EPC and protect the radio link against attacks through integrity protection and ciphering between the USIM, ME, E-UTRAN and the entities of the EPC (of both serving and home networks).

II. Network domain security: this set of security features protects the wireline networks against attacks and enables data exchange in a secure manner.

III. User domain security: mutual authentication of the USIM and the ME, using a secret PIN, before they can access each other.

IV. Application level security: the set of security features that enable applications in the UE and in the service provider domain to exchange messages securely.

V. Non-3GPP domain security: the set of features that enable UEs to securely access the EPC via non-3GPP access networks and that provide security protection on the access link.

Page 4: LTE :Mobile Network Security

LTE architecture model

The LTE architecture model has been divided into the following network segments:

1. User equipment (UE)
2. Access
3. Evolved Packet Core / Transport
4. Service network

LTE security architecture

Page 5: LTE :Mobile Network Security

Key security threats/risks

LTE security requirements are very different from UMTS. An LTE security gateway solution needs not only to authenticate eNodeBs and encrypt traffic with IPsec, but also to provide SCTP firewall functions to protect the mobile packet core from signaling storms and man-in-the-middle attacks.

Key security threats/risks:

1. Distributed network and open architecture
2. Complex business models (IS/service sharing)
3. Decentralized accountability for security
4. Minimizing security spend

Preventative measures:

1. Interoperability standards
2. Strong partner agreements
3. Security audits with remediation commitments
4. Security budget

Page 6: LTE :Mobile Network Security

LTE Network segments wise risk and measures-1

Network segment: User Equipment (UE). Subscriber entry points into the LTE network.

Key risks, security threats:
1. Physical attacks
2. Risk of data loss, privacy
3. Lack of security standards & controls on UEs
4. Application layer: virus, malware, phishing

Preventative measures:
1. Subscriber education
2. Antivirus
3. Industry security standards & controls on UE
4. Strong authentication, authorization, encryption

Network segment: Access. Interconnection between UE and E-UTRAN.

Key risks, security threats:
1. Physical attacks
2. Rogue eNodeBs
3. Eavesdropping, redirection, MitM attacks, DoS
4. Privacy

Preventative measures:
1. Physical security
2. Authentication, authorization, encryption
3. Network monitoring, IPS systems
4. Security architecture

Page 7: LTE :Mobile Network Security

Network segments wise risk and measures-2

Network segment: Core (EPC) / Transport. Manages user authentication, authorization and accounting (AAA), IP address allocation, mobility, charging, QoS and security.

Key risks, security threats:
1. Unauthorized access
2. DoS and DDoS attacks
3. Overbilling attacks (IP address hijacking, IP spoofing)

Preventative measures:
1. Security architecture: VPNs, VLANs
2. Encryption, IKE/IPsec
3. Network monitoring, management and load balancing

Network segment: Service Network. Security management in IMS is particularly important.

Key risks, security threats:
1. Unauthorised access
2. Service abuse attacks, theft of service
3. Network snooping, session hijacking

Preventative measures:
1. Border security
2. Strong authentication
3. Enable security protocols
4. Implement security gateways

Page 8: LTE :Mobile Network Security

Attack type, Trigger and impact

DDoS: The target network is flooded by traffic from multiple sources.

Ping flood: A large volume of ping packets causes a network to crash. In a "ping of death", malformed ping requests are used.

SYN flood: The attacker sends a high number of TCP/SYN packets, which the network accepts as connection requests and which overwhelm the network.

Replay attack: The attacker intercepts legitimate signaling traffic and retransmits it until the network is overwhelmed.

SQL injection: The attacker sends malicious commands in statements to a SQL database to make unauthorized changes to the database or to get a copy of the data.

DNS hijacking: The attacker redirects DNS queries to a rogue DNS server.

IP port scans: The attacker scans network elements for active ports and exploits their vulnerabilities.

Page 9: LTE :Mobile Network Security

Transition to IP-based mobile networks

Legacy network vs. IP-based network

Mobile devices
Legacy: Voice-based network, limited data capabilities: easier for operators to control.
IP-based: Data-centric devices, visible from the internet: increased vulnerability, more entry points, less control.

Equipment
Legacy: Expensive RAN equipment, large form factor: difficult to buy or operate a rogue base station.
IP-based: Femto cells, small cells and Wi-Fi hotspots: easier and cheaper, providing an entry point to the mobile network.

Network architecture
Legacy: Proprietary, hierarchical/closed networks: difficult to penetrate, easier to protect.
IP-based: Flat networks, more connections among elements: porous, easier to penetrate.

Signaling
Legacy: SS7: closed signaling environment, difficult to penetrate.
IP-based: Diameter: IP increases the vulnerability of mobile networks to security threats.

Applications
Legacy: Few applications available or used: limited entry points to devices.
IP-based: Applications in a fragmented ecosystem are difficult to control.

Misc / economic / security targets
Legacy: Billing fraud; limited use of cellular networks for M2M applications.
IP-based: Access to corporations and government; unmonitored M2M devices are difficult to protect without stricter security requirements.

Page 10: LTE :Mobile Network Security

Preventative measures - Security audits -1

Audit / Main points

GTP Audit
• Endpoint discovery
• Illegal connection/association establishment
– User identity impersonation
– Fuzzing
• Leak of user traffic
1. to Core Network (EPC)
2. to LTE RAN

X2AP Audit
• Endpoint discovery
• Illegal connection/association establishment
– Fuzzing
• Reverse engineering of proprietary extensions
• MITM

Page 11: LTE :Mobile Network Security

LTE Preventative measures - Security audits -2

Audit / Audit points

S1AP Audit
• Endpoint discovery
• Illegal connection/association establishment
– Fuzzing
• Reverse engineering of proprietary extensions
• MITM
– NAS injection

LTE EPC DNS Audit
• EPC DNS is important
• EPC DNS scanner
• Close to GRX / IMS

Page 12: LTE :Mobile Network Security

LTE Security Approach

• First Level: Router-based Security. Protection against all attacks.

• Packet filter policy based on a 'deny-all' approach: it permits ingress only of packets that are permissible user traffic of the receiving network. The router can provide DoS protection for the connected network using rate limiting to prevent performance-impacting overload of the network and services.

• Second Level: Firewall-based Security. Inner layer protection.

• Use of firewall filter policies; Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) stateful inspection are used to lower the number of policies required. GPRS Tunneling Protocol (GTP) inspection is used to inspect traffic destined for other peer networks via GRX. Firewalls provide DoS attack protection, deep packet inspection, and intrusion detection and prevention options. Deep packet inspection supports both stateful signatures and protocol anomalies.

• Third Level: Host Security. Protection against the smartest attacks.

• Network devices, including packet gateways and application nodes, provide further access control measures using identification, authentication and authorization mechanisms ('node hardening'). This includes measures such as Interior Gateway Protocol (IGP) and Border Gateway Protocol (BGP) authentication, applying access control lists, closing unwanted or unused ports in applications and clients, and using a secure protocol like Secure Shell (SSH) instead of Telnet for configuration and management.
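To make the first-level 'deny-all plus rate limiting' policy concrete, here is an added example (it is not code from the presentation or from any vendor product) of a toy ingress filter: a default-deny allow-list of the few flows a core-facing interface should see, followed by a per-source token bucket. The allow-list entries (SCTP/36412 for S1AP, UDP/2123 for GTP-C, UDP/2152 for GTP-U are the IANA registrations), the rate limit and the sample packets are assumptions constructed for the demonstration.

```python
"""Added example (not from the slides): a toy model of a router-side
deny-all packet filter with per-source rate limiting.  The allow-list,
the rate limit and the sample packets are constructed for this demo."""
from collections import namedtuple

Packet = namedtuple("Packet", "ts src dst proto dport")

# Allow-list for an assumed core-facing interface that only needs to see
# S1-MME signalling and GTP tunnels (IANA ports: SCTP/36412 = S1AP,
# UDP/2123 = GTP-C, UDP/2152 = GTP-U).  Everything else is denied.
ALLOWED_FLOWS = {("sctp", 36412), ("udp", 2123), ("udp", 2152)}


class TokenBucket:
    """Classic token bucket: `rate` packets per second, `burst` capacity."""

    def __init__(self, rate, burst):
        self.rate = float(rate)
        self.burst = float(burst)
        self.tokens = float(burst)
        self.last_ts = 0.0

    def allow(self, ts):
        # Refill in proportion to elapsed time, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (ts - self.last_ts) * self.rate)
        self.last_ts = ts
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class DenyAllFilter:
    """Deny-all ingress policy plus a per-source token bucket."""

    def __init__(self, allowed_flows, rate, burst):
        self.allowed_flows = allowed_flows
        self.rate, self.burst = rate, burst
        self.buckets = {}  # src address -> TokenBucket

    def decide(self, pkt):
        # 1. Policy: anything not explicitly permitted is dropped.
        if (pkt.proto, pkt.dport) not in self.allowed_flows:
            return "DROP:policy"
        # 2. Rate-limit permitted traffic per source to blunt floods.
        bucket = self.buckets.setdefault(pkt.src, TokenBucket(self.rate, self.burst))
        return "ACCEPT" if bucket.allow(pkt.ts) else "DROP:ratelimit"


def filter_packets(packets, rate=2.0, burst=3):
    """Return the verdict for each packet, in input order."""
    f = DenyAllFilter(ALLOWED_FLOWS, rate, burst)
    return [f.decide(p) for p in packets]


# Constructed sample: one eNodeB-side source sending legitimate S1AP/GTP-U
# traffic, a Telnet attempt and a short GTP-U burst, plus a second host
# probing with ICMP.  Timestamps are seconds.
SAMPLE_PACKETS = [
    Packet(0.0, "10.0.0.1", "10.1.0.1", "sctp", 36412),
    Packet(0.0, "10.0.0.1", "10.1.0.2", "udp", 2152),
    Packet(0.1, "10.0.0.1", "10.1.0.3", "tcp", 23),
    Packet(0.1, "10.0.0.1", "10.1.0.2", "udp", 2152),
    Packet(0.2, "10.0.0.1", "10.1.0.2", "udp", 2152),
    Packet(0.2, "10.0.0.1", "10.1.0.2", "udp", 2152),
    Packet(5.0, "10.0.0.1", "10.1.0.2", "udp", 2152),
    Packet(0.0, "10.0.0.2", "10.1.0.1", "icmp", 0),
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_PACKETS, filter_packets(SAMPLE_PACKETS)):
        print(f"{pkt.ts:4.1f}s {pkt.src:>10} -> {pkt.proto}/{pkt.dport:<5} {verdict}")
```

The order of the two checks matters: policy violations are dropped before they consume any rate-limit budget, so a scan of closed ports cannot starve legitimate signalling from the same source. A real deployment would key the bucket on more than the source address (the slides mention rate limiting only in general terms), but the structure is the same.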

Page 13: LTE :Mobile Network Security

LTE Network Element & IP Network Security Measures

Network Security Measures

• Network elements designed and implemented with security, complying with the 3GPP recommendations.

• Network element security architecture.

• Network element hardening and security testing.

• Threat and risk analysis per network element.

• Security audit, timely patching and hardware upgrades.

• Security vulnerability and performance monitoring.

• Authorized site access.

IP Network Security Measures

• Secure operation and maintenance process.

• Perimeter security and traffic separation.

• IPsec used to be mandatory for the core network.

Page 14: LTE :Mobile Network Security

LTE OM Security Measures

OM security functions in the system and measures

1. The log and security alarm function monitors the security of the whole system and reports the security information to the management system.

2. The user authentication and access control function controls user access to prevent access by invalid users.

3. The OM system security protects the software and configuration data running on the eNodeB to prevent invalid control over the eNodeB.

– Digital signature of software is used to ensure software integrity and reliability.

– An eNodeB can be deployed using a secured USB storage device.

– Data backup ensures data consistency and integrity. If eNodeB data is detected as damaged, for example a corrupted operating system, backup data can be used to restore the system.

4. The OM channel security ensures security for the channel between EMS equipment and the NEs.

– Secure Sockets Layer (SSL) is a protocol that provides end-to-end communication security between the TCP layer and the application layer.

– NTP (Network Time Protocol) security authentication is used to encrypt and authenticate the NTP packets so that the validity of the reference time

Page 15: LTE :Mobile Network Security

LTE eNodeB Security architecture

Page 16: LTE :Mobile Network Security

LTE eNodeB Security

Page 17: LTE :Mobile Network Security

LTE eNodeB Security

• Performs the crypto specified for the radio interface and the backhaul link
• Has access to the cleartext in the user plane
• Exposed to tampering that could eavesdrop on/modify user traffic, send maliciously crafted PDUs to the core, detach mobiles, discard traffic
• 3GPP requires a secure environment inside the eNB:

• Stores keys, executes crypto, helps to secure boot
• Preserves the integrity and confidentiality of its content
• Authorized access

Page 18: LTE :Mobile Network Security

LTE Network Access Security-1

Network access security protects the mobile's communications with the network across the air interface, which is the most vulnerable part of the system, using four main techniques:

1. Authentication
2. Confidentiality
3. Ciphering
4. Integrity protection

• Authentication: the Evolved Packet Core (EPC) network and the mobile confirm each other's identities. The network confirms that the user is authorized to use the network's services and is not using a cloned device.

The mobile confirms that the network is genuine and is not a spoof network set up to steal the user's personal data.

Page 19: LTE :Mobile Network Security

LTE Network Access Security-2

• Confidentiality: protects the user's identity. The International Mobile Subscriber Identity (IMSI) is one of the quantities that an intruder needs to clone a mobile, so LTE avoids broadcasting it across the air interface wherever possible; instead, the network identifies the user by means of temporary identities.

The EPC knows the MME pool area that the mobile is in. During paging it uses the 40-bit S-TMSI; otherwise (during the attach procedure) it uses the longer GUTI (Globally Unique Temporary ID). Similarly, the radio access network uses the radio network temporary identifiers (RNTIs).
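The following is an added example, not code from the presentation, showing how the temporary identities just described fit together and why the IMSI stays on the network side. The field layout (GUTI = PLMN-ID + MMEGI + MMEC + M-TMSI, and S-TMSI = MMEC + M-TMSI, 8 + 32 = 40 bits) follows 3GPP TS 23.003; the `TinyMME` class, its method names, and the PLMN/pool/IMSI values are assumptions constructed for the demonstration.

```python
"""Added example (not from the slides): GUTI / S-TMSI assembly and a toy
MME that keeps the IMSI <-> M-TMSI mapping on the network side.  Field
widths follow TS 23.003; all concrete values here are constructed."""
import secrets

MMEGI_BITS, MMEC_BITS, M_TMSI_BITS = 16, 8, 32


def build_guti(mcc, mnc, mmegi, mmec, m_tmsi):
    """Assemble a GUTI from its components, checking each field's width."""
    if not 0 <= mmegi < (1 << MMEGI_BITS):
        raise ValueError("MMEGI must fit in 16 bits")
    if not 0 <= mmec < (1 << MMEC_BITS):
        raise ValueError("MMEC must fit in 8 bits")
    if not 0 <= m_tmsi < (1 << M_TMSI_BITS):
        raise ValueError("M-TMSI must fit in 32 bits")
    return {"mcc": mcc, "mnc": mnc, "mmegi": mmegi, "mmec": mmec, "m_tmsi": m_tmsi}


def s_tmsi(guti):
    """S-TMSI, the 40-bit short identity used in paging: MMEC || M-TMSI."""
    return (guti["mmec"] << M_TMSI_BITS) | guti["m_tmsi"]


class TinyMME:
    """Holds the only copy of the temporary-identity -> IMSI mapping."""

    def __init__(self, mcc, mnc, mmegi, mmec):
        self.plmn = (mcc, mnc)
        self.mmegi, self.mmec = mmegi, mmec
        self.by_tmsi = {}  # m_tmsi -> imsi (never sent over the air)
        self.by_imsi = {}  # imsi -> current m_tmsi

    def allocate_guti(self, imsi):
        """Issue a fresh, unpredictable M-TMSI.  Reallocating on each attach/TAU
        means an eavesdropper never sees a stable identifier for the subscriber."""
        old = self.by_imsi.pop(imsi, None)
        if old is not None:
            del self.by_tmsi[old]
        while True:
            m_tmsi = secrets.randbits(M_TMSI_BITS)  # unpredictable, not sequential
            if m_tmsi not in self.by_tmsi and m_tmsi != old:
                break
        self.by_tmsi[m_tmsi] = imsi
        self.by_imsi[imsi] = m_tmsi
        return build_guti(*self.plmn, self.mmegi, self.mmec, m_tmsi)

    def resolve_paging_id(self, s_tmsi_value):
        """Map an S-TMSI heard in a paging message back to the IMSI, or None."""
        mmec = s_tmsi_value >> M_TMSI_BITS
        m_tmsi = s_tmsi_value & ((1 << M_TMSI_BITS) - 1)
        if mmec != self.mmec:
            return None  # belongs to another MME in the pool
        return self.by_tmsi.get(m_tmsi)


if __name__ == "__main__":
    mme = TinyMME("310", "260", 0x8001, 0x02)          # constructed pool values
    guti = mme.allocate_guti("310260123456789")        # constructed IMSI
    print("GUTI:", guti)
    print("S-TMSI sent in paging: 0x%010x" % s_tmsi(guti))
```

Note that nothing derivable from the IMSI appears in the GUTI: the M-TMSI comes from a CSPRNG, and re-allocation removes the old mapping, so an old S-TMSI captured from a paging message no longer resolves to anyone.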

Page 20: LTE :Mobile Network Security

LTE Network Access Security-3

• Ciphering, also known as encryption, ensures that intruders cannot read the data and signaling messages that the mobile and network exchange. The packet data convergence protocol (PDCP) ciphers data and signaling messages in the air interface access stratum, while the EMM protocol ciphers signaling messages in the non-access stratum.

• Integrity protection detects any attempt by an intruder to replay or modify signaling messages. It protects the system against problems such as man-in-the-middle attacks, in which an intruder intercepts a sequence of signaling messages and modifies and re-transmits them in an attempt to take control of the mobile.

Page 21: LTE :Mobile Network Security

Authentication and key agreement procedure

Page 22: LTE :Mobile Network Security

Diagram for Authentication and key generation

http://www.3glteinfo.com/lte-security-architecture/

Page 23: LTE :Mobile Network Security

LTE EPS Key Hierarchy and Radio Interface Security

Keys and Key Hierarchy

In the Evolved Packet System Authentication and Key Agreement (EPS AKA) protocol, all the keys needed for the various security mechanisms are derived from the intermediate key KASME, which is viewed as a local master key for the subscriber, in contrast to the permanent master key K. On the network side, the local master key KASME is stored in the MME and the permanent master key is stored in the AuC. This approach provides the following advantages:

1. It enables cryptographic key separation: each key is used in one specific context, and knowing one key does not allow the second one to be deduced.

2. The system is improved by providing key freshness: the keys used in a security mechanism can be renewed. EPS AKA need not be run every time a key protecting the radio interface is to be renewed, and the home network is not involved every time. This introduces a security-versus-complexity trade-off. For EPS, the security benefits of using an intermediate key outweigh the added complexity, which was not true in 3G.

The base station eNB stores another key, KeNB, and the addition of KeNB makes it possible to renew keys for the protection of radio access without involving the MME.

Page 24: LTE :Mobile Network Security

LTE Key Derivations

The hierarchy contains one root key (K), several intermediate keys such as CK, IK, etc., and a set of leaf keys [5]. The purposes of the different keys are explained below.

1. K is a random bit string; it is a subscriber-specific master key stored in the USIM and the AuC.

2. CK and IK are 128-bit keys derived from K using additional input parameters.

3. KASME is derived from CK and IK using two additional parameters: the serving network id and the bitwise sum of two further parameters (SQN and AK from the EPS AKA procedure). KASME serves as the local master key.

4. KeNB is derived from KASME and an additional input, a counter. This additional parameter is needed to ensure that each newly derived KeNB differs from the earlier key.

5. NH is another intermediate key derived from KASME and used in handover situations. It takes KeNB (for the initial NH derivation) or the previous NH as an additional input.

6. KRRCenc, KRRCint and KUPenc are used for the encryption and integrity protection of RRC signalling and for user-plane encryption.

The complex key hierarchy achieves key separation and prevents related-key attacks. The key hierarchy achieves key renewal very easily without affecting the other keys: when one key is changed, only the keys dependent on it have to be changed, and the others may remain the same.
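As an added worked example (not code from the presentation), the derivations in items 3 to 6 above carried out with the generic 3GPP key derivation function, which is HMAC-SHA-256 over the string FC || P0 || L0 || P1 || L1 ... (TS 33.220), with the function codes FC = 0x10 for KASME, 0x11 for KeNB, 0x12 for NH and 0x15 for the algorithm keys, and the algorithm-type distinguishers 0x03 RRC-enc, 0x04 RRC-int, 0x05 UP-enc, all as given in TS 33.401 Annex A. The CK/IK values, serving-network id and SQN xor AK below are constructed sample inputs, not subscriber material; `derive_hierarchy` and the other function names are this example's own.

```python
"""Added example (not from the slides): the EPS key hierarchy derived with
the generic 3GPP KDF (HMAC-SHA-256, TS 33.220 / TS 33.401 Annex A).
FC values and type distinguishers are quoted from TS 33.401 Annex A;
every key and parameter value below is a constructed sample."""
import hashlib
import hmac

# Function codes from TS 33.401 Annex A.
FC_KASME, FC_KENB, FC_NH, FC_ALG_KEY = 0x10, 0x11, 0x12, 0x15
# Algorithm type distinguishers (P0 of the FC = 0x15 derivation).
RRC_ENC, RRC_INT, UP_ENC = 0x03, 0x04, 0x05


def kdf(key, fc, *params):
    """Generic 3GPP KDF: S = FC || P0 || L0 || P1 || L1 ...; each Li is the
    2-byte big-endian length of Pi.  Output is the full 256-bit HMAC."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_kasme(ck, ik, sn_id, sqn_xor_ak):
    """Item 3: KASME from CK||IK, serving network id and SQN xor AK."""
    return kdf(ck + ik, FC_KASME, sn_id, sqn_xor_ak)


def derive_kenb(kasme, ul_nas_count):
    """Item 4: KeNB from KASME and the 32-bit uplink NAS COUNT (the counter)."""
    return kdf(kasme, FC_KENB, ul_nas_count.to_bytes(4, "big"))


def derive_nh(kasme, sync_input):
    """Item 5: NH from KASME; sync_input is KeNB initially, previous NH after."""
    return kdf(kasme, FC_NH, sync_input)


def derive_alg_key(kenb, alg_type, alg_id):
    """Item 6: a 128-bit leaf key is the 128 least-significant bits of the
    256-bit output, i.e. the last 16 bytes."""
    return kdf(kenb, FC_ALG_KEY, bytes([alg_type]), bytes([alg_id]))[16:]


def derive_hierarchy(ck, ik, sn_id, sqn_xor_ak, ul_nas_count, alg_id=2):
    """Walk K(CK, IK) -> KASME -> KeNB / NH -> leaf keys.  alg_id=2 selects the
    AES-based EEA2/EIA2 algorithm identity."""
    kasme = derive_kasme(ck, ik, sn_id, sqn_xor_ak)
    kenb = derive_kenb(kasme, ul_nas_count)
    nh0 = derive_nh(kasme, kenb)   # initial NH uses KeNB as SYNC-input
    nh1 = derive_nh(kasme, nh0)    # later NH values chain from the previous NH
    return {
        "KASME": kasme,
        "KeNB": kenb,
        "NH0": nh0,
        "NH1": nh1,
        "KRRCenc": derive_alg_key(kenb, RRC_ENC, alg_id),
        "KRRCint": derive_alg_key(kenb, RRC_INT, alg_id),
        "KUPenc": derive_alg_key(kenb, UP_ENC, alg_id),
    }


# Constructed sample inputs (NOT real keys or subscriber data).
SAMPLE_CK = bytes.fromhex("00112233445566778899aabbccddeeff")
SAMPLE_IK = bytes.fromhex("ffeeddccbbaa99887766554433221100")
SAMPLE_SN_ID = bytes.fromhex("130062")            # PLMN 310/260, TS 24.301 encoding
SAMPLE_SQN_XOR_AK = bytes.fromhex("000000000001")  # 48-bit value

if __name__ == "__main__":
    keys = derive_hierarchy(SAMPLE_CK, SAMPLE_IK, SAMPLE_SN_ID, SAMPLE_SQN_XOR_AK, 0)
    for name, value in keys.items():
        print(f"{name:8s} ({len(value) * 8:3d} bit) {value.hex()}")
```

Running `derive_hierarchy` twice with different NAS COUNT values shows the key-renewal property from the text: KASME is identical in both runs, but KeNB and every key below it change, while the type distinguisher is what keeps KRRCenc, KRRCint and KUPenc distinct even though they share KeNB and the algorithm identity.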

Page 25: LTE :Mobile Network Security

LTE EPS Key Hierarchy

Page 26: LTE :Mobile Network Security

LTE Conclusion

How to Secure an LTE-Network?

• Comply with the 3GPP recommendations.

• IP network security mechanisms and recommendations.

• Network elements designed and implemented with security.

• Fraud management and tools.

• Regular security audits, performance and traffic trend reports.

• Monitor network elements keeping security points in mind.

Security is an ongoing and never-ending process!

Page 27: LTE :Mobile Network Security

LTE Abbreviations

3GPP: 3rd Generation Partnership Project
ASME: Access Security Management Entity
AuC: Authentication Centre
CA: Certificate Authority
CMP: Certificate Management Protocol
CK: Cipher Key
eNB: Evolved Node B
enc: Encryption
EPC: Evolved Packet Core
ePDG: Evolved Packet Data Gateway
EPS: Evolved Packet System
ESP: Encapsulating Security Payload
GRX: GPRS Roaming eXchange Network
GTP-C: GPRS Tunneling Protocol - Control
GW: Gateway
HeNB: Home eNB
HNB: Home Node B
HSS: Home Subscriber Server
IK: Integrity Key
IMS: IP Multimedia System
Int: Integrity
K: Key
LEA: Law Enforcement Agency
LI: Lawful Interception
LTE: Long Term Evolution
MME: Mobility Management Entity
NAS: Non Access Stratum
PCRF: Policy and Charging Rules Function
PDN: Packet Data Network
PKI: Public Key Infrastructure
PLMN: Public Land Mobile Network
RA: Registration Authority
RRC: Radio Resource Control
SAE: System Architecture Evolution
SEG: Security Gateway
SeGW: Security Gateway
Serv.GW: Serving Gateway
UMTS: Universal Mobile Telecommunication System
UP: User Plane
USIM: UMTS Subscriber Identity Module

Page 28: LTE :Mobile Network Security

LTE References

• 3rd Generation Partnership Project, http://www.3gpp.org/
• Security aspects: 3GPP specifications, 3G and beyond / GSM (R99 and later), 33-series documents
• ETSI Security White Paper, freely available at: www.etsi.org/securitywhitepaper
• Journal of Cyber Security and Information Systems, October 2013: "4G LTE Security for Mobile Network Operators", by Daksha Bhasker
• White paper: The Security Vulnerabilities of LTE: Risks for Operators
• White paper: Wireless security in LTE networks, Monica Paolini, Senza Fili Consulting
• http://www.3glteinfo.com/lte-security-architecture/
• https://www.rsaconference.com/writable/presentations/file_upload/tech-r03_lte-security-how-good-is-it.pdf
